Security researchers stated that a flaw in Amazon’s Ring Video Doorbell Pro IoT device could have given hackers unauthorized access to the user’s wi-fi network and potentially to other connected devices on it.
The vulnerability was discovered by researchers at cybersecurity firm Bitdefender. The researchers stated that all Ring Doorbell cameras have now received a security patch from Amazon to mitigate the issue.
Ring Doorbells are internet-connected doorbells that provide motion-sensing and video surveillance capabilities. It allows the users to see and communicate with the people outside their doors via an app, even if they’re outside.
According to researchers, the vulnerability stems when the Ring smartphone app sends the wireless network connections to the Amazon Ring servers in the cloud. It’s found that this process is taking place in an insecure manner, which can be exploited by an attacker.
“When entering configuration mode, the device receives the user’s network credentials from the smartphone app. Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers,” Bitdefender said in a statement.
“Another important step in exploitation is a fact that a hostile actor can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send reauthentication messages so that the device gets dropped from the wireless network. At this point, the mobile app loses connectivity and instructs the user to reconfigure the device,” the statement added.
The Internet of Things (IoT) has become a primary target for cybercriminals, exploiting vulnerabilities in them. Recently, a Milwaukee-based couple suffered a horrifying incident after their Smart Home setup was hacked by unknown intruders. The couple had installed a Nest system, (a setup of camera, doorbell, and thermostat) in their home last year.
According to Fox 6 News, the couple Samantha and Lamont Westmoreland stated that hackers took over their smart home by compromising the connected devices. The attacker played disturbing music from the video system at high-volume while talking to them via a camera in the kitchen and changed the room temperature to 90 degrees Fahrenheit by exploiting the thermostat, the couple stated.
Initially, the couple thought it was a technical glitch and changed their passwords, but the issue continued. The duo later changed their network ID, after realizing that someone hacked their Wi-Fi or Nest system.